
New Ransomware-as-a-Service ‘Yatron’ promoted via Twitter


A new Ransomware-as-a-Service named ‘Yatron’ is being promoted via Twitter. The RaaS is offered for a single payment of $100.

What is a RaaS - A Ransomware-as-a-Service is a service that provides ransomware and a payment server to cybercriminals and would-be hackers, who sign up to the service in order to distribute the ransomware and infect victims.

The ransom payments received from victims are then shared between the member and the service provider.

Yatron RaaS - A security researcher who goes by the name ‘A Shadow’ notified BleepingComputer about the Yatron RaaS. BleepingComputer later analyzed the source code of the Yatron ransomware with the help of another researcher, Michael Gillespie.

More details on the analysis

When executed, Yatron ransomware scans the targeted system for files and encrypts them.

The encrypted files are appended with the .yatron extension.

The ransomware will then send the encryption password and unique ID back to its C&C server.

Gillespie noted that Yatron is based on HiddenTear, but its encryption algorithm has been modified so that it cannot be decrypted.

Worth noting

Yatron ransomware includes code to spread to Windows machines via the EternalBlue and DoublePulsar exploits. However, the code is incomplete, and the ransomware currently does not include the Eternalblue-2.2.0.exe and Doublepulsar-1.3.1.exe executables.

Yatron has the ability to distribute via P2P programs by copying the ransomware executable to default folders used by programs like Kazaa, Ares, eMule, and more.

This ransomware could also delete the encrypted files if a payment has not been made within 72 hours. However, users can terminate the ransom process to prevent the files from being deleted by using a tool like Process Explorer running as an Administrator.
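
A defensive check for the P2P propagation described above, as an added example that is not part of the original article: it hashes executables in a set of P2P share folders and reports any binary that appears byte-for-byte in two or more of them, even under different file names. The folder names, extension list and sample files are constructed assumptions; pass in the real share paths of the clients installed on the host.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

EXECUTABLE_EXTS = {".exe", ".scr", ".com"}  # assumption: extensions worth hashing


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def replicated_executables(share_dirs):
    """Map sha256 -> sorted paths for binaries found in 2+ distinct share folders."""
    hits = defaultdict(set)  # digest -> {(share_dir, path)}
    for share in share_dirs:
        for root, _dirs, files in os.walk(share):
            for name in files:
                if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
                    continue
                path = os.path.join(root, name)
                try:
                    hits[sha256_of(path)].add((share, path))
                except OSError:
                    continue  # locked or unreadable file: skip it
    return {digest: sorted(p for _s, p in found)
            for digest, found in hits.items()
            if len({s for s, _p in found}) >= 2}


def demo():
    base = tempfile.mkdtemp()  # constructed sample tree; all names are placeholders
    files = {"share_a/free_game.exe": b"MZ constructed sample",
             "share_b/keygen.EXE": b"MZ constructed sample",
             "share_c/other.exe": b"MZ unrelated binary",
             "share_a/readme.txt": b"MZ constructed sample"}
    for rel, data in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return replicated_executables([os.path.join(base, s) for s in ("share_a", "share_b", "share_c")])


if __name__ == "__main__":
    print(demo())
```

A hit is a lead for triage rather than a verdict: the same installer legitimately shared from two clients will also match.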

Features of Yatron RaaS

Yatron RaaS offers FUD ransomware and FUD decryptor with the following features,

Ryan Stewart

Ryan is a senior cybersecurity and privacy analyst. He keenly follows the innovation and development in cybersecurity technologies, and loves to educate everyone about the what, why, and how of major incidents in the cybersecurity world.
